Definition

database activity monitoring (DAM)

Database activity monitoring (DAM) is the observation of actions in a database. DAM tools monitor, capture and record database events in near-real time and provide alerts about policy violations.

Database activity monitoring can be accomplished through a combination of several methods, including network sniffing, reading of database audit logs and/or system tables and memory scraping. Regardless of the methodology chosen, the data must be correlated in order to detect and get a more accurate picture of what's going on within the database. Vendor DAM tools can help simplify that correlation and provide the administrator with the ability to detect attacks as well as provide forensic evidence in the case of an actual data breach.

DAM product features are designed to enable compliance controls as well as provide operations monitoring and data protection. Unlike simple audit tools that help a database administrator see what data has been changed, DAM software products seek to provide administrators with insight across multiple platforms into how data is viewed and who is viewing it, including administrators. The goal is to differentiate between normal operations and an attack.

This was last updated in April 2011

Next Steps

Adrian Lance discusses how enterprises and organizations can use database security tools for data security and monitoring.

Continue Reading About database activity monitoring (DAM)

Dig Deeper on Cybersecurity risk assessment and management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

MicroscopeUK

SearchSecurity

SearchStorage

SearchNetworking

SearchCloudComputing

SearchDataManagement

SearchBusinessAnalytics

Close